This page describes the most basic workflow for importing an externally created CA (i.e created on another EJBCA node), such as the Root CA on an Issuing CA, or the Issuing CA on an OCSP signer.

For more general information on managing CAs, see Managing CAs and for conceptional information, see Certificate Authority Overview.

Import External CA

To import an external CA, do the following:

  1. In the CA UI, click Certification Authorities under CA Functions to open the Manage Certificate Authorities page.

  2. Click Import CA Certificate.
  3. Specify the name of the externally imported CA and then click Choose file to upload the certificate belonging to that CA. 

  4. Click Import CA Certificate to create a proxy for this CA locally, listing it as External CA.

This External CA will naturally not be editable, and the only available actions on the Edit CA page are setting up certain OCSP functionality and the ability to update the certificate (if a new certificate is issued).